Latest release having it into the archives was hardy; so closing that
report.
** Changed in: twiki (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/383085
Ti
** Changed in: twiki (Debian)
Status: New => Fix Released
--
TWiki 4.1.x CSRF vulnerability (CVE-2009-1339)
https://bugs.launchpad.net/bugs/383085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu
Thank you for using Ubuntu and taking the time to report a bug. This
package is in universe and is community supported. If you are able,
perhaps you could prepare debdiffs to fix this by following
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.
** Changed in: twiki (Ubuntu)
Status:
** Changed in: twiki (Debian)
Status: Unknown => New
--
TWiki 4.1.x CSRF vulnerability (CVE-2009-1339)
https://bugs.launchpad.net/bugs/383085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs
FYI:
Patch aproach for hotfix are avaialble, but any actual patch is not written.
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2009-1339#Minimal_Hotfix_for_TWiki_Product
Aproachs are:
1) changing twiki-apache conf (/etc/twiki/apache.conf), it prevent from GET
access
for sensitive
